When McDonald’s Canada was hacked, 95,000 job applicants’ information was compromised and simply notifying regulatory authorities of the breach likely cost the firm close to $12 million according to Rogers Insurance’s commercial broker, Kevin Lea.
Notification of a hack is a practice that will soon become obligatory nationwide under the Digital Privacy Act and as, Lea pointed out, it’s already an enforced law in B.C., Alberta and Quebec.
Learn more about cyber insurance here.
That legislation could drive demand for cyber coverage in Canada to new heights given companies will face greater regulatory exposure, Lea said.
“I do believe these kinds of requirements are going to push up the demand for it [cyber insurance] simply because part of the requirements under the now updated Digital Privacy Act are that these notifications have to go out to these affected parties and have to go out through the (privacy) commissioner,” Lea said.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now.
“A typical proper cyber policy is going to cover those notification costs of dealing with the appropriate authorities and any type of remediation costs you might have to provide for your employees or clients or whoever was affected by the privacy breach. So with those additional costs being effectively mandated under the new updated legislation that applies nationally, instead of province by province, there will definitely be an uptick in demand.”
But what does it mean for brokers? Cyber-attacks are targeting small and medium sized businesses and the cost of reporting alone, aside from the damage to business, is enough to sink many organizations.
“Just because a broker’s client may not be McDonald’s, doesn’t mean that their clients might not also be targeted by these types of cyber-attacks,” Lea said. “Brokers need to realize that although a large variety of insurances may be branded as cyber or privacy breach, there is a massive difference between what these products offer and the insuring agreements within them.
“Some cyber products have 20 or more insuring agreements within them and are very comprehensive - while some of them may only have one. So just because you’ve sold your client a cyber policy through an insurer, if you don’t read that policy and understand what it is and isn’t covering, you’re not really in an advantageous position.”
One of the biggest obstacles cyber insurance faces is clients’ unwillingness to purchase something they don’t understand or believe they don’t need. That’s where the broker comes in.
“Clients are hesitant to buy new types of insurance, especially if they don’t understand them,” Lea said.
“From a client service perspective, if your client is hesitant on what type of cyber insurance they want to buy, it is better to have a less expensive cyber insurance policy as an add-on to their traditional package and just get them some protection in the event of a data breach as opposed to foregoing cyber all together.”
Related stories:
Keeping up with cyber criminals
What April Canada’s new financial services policy means for brokers